The OS encrypts the token with your credentials. The fingerprint doesn't directly protect the token (it can't - we to date have no reliable way to consistently scan a fingerprint). What do you think I should choose? Is hardware token still the way to go or is biometric identification a sane alternative in my scenario? However, the fingerprint authentication is a biometric form of authentication and as far as I know can only be spoofed with a physical fingerprint and not software, thus possibly providing the same level of security.Īnother weak point could possibly be the risk of stealing the software token's seed. My understanding is that the hardware token option is more secure because phones and laptops nowadays can easily be infected with keylogging and other kinds of software to eavesdrop on my passwords. I'm given a choice between two banks's authentication procedures and I need help choosing the most secure and convenient option.Īuthentication into the web platform is done via username/password but transactions are performed via a combination of PIN and a onetime hardware token key.Īuthentication into the web platform is also done via username/password but transactions are performed by authenticating into a software token app on the phone via a fingerprint and getting a onetime token key.
0 kommentar(er)
